diff --git a/roles/vault_agent/templates/consul/agent_bundle.pem.tpl.j2 b/roles/vault_agent/templates/consul/agent_bundle.pem.tpl.j2
index eab31d1..d85c7e6 100644
--- a/roles/vault_agent/templates/consul/agent_bundle.pem.tpl.j2
+++ b/roles/vault_agent/templates/consul/agent_bundle.pem.tpl.j2
@@ -4,6 +4,7 @@
 [[ .Cert ]]
 [[ .Key ]]
 [[ .Cert | writeToFile "{{ consul_conf.tls.defaults.cert_file }}" "root" "{{ consul_user }}" "0644" ]]
+[[ .CA | writeToFile "{{ consul_conf.tls.defaults.cert_file }}" "" "" "0644" "append,newline" ]]
 [[ .Key | writeToFile "{{ consul_conf.tls.defaults.key_file }}" "root" "{{ consul_user }}" "0640" ]]
 [[ end ]]
 {% else %}
diff --git a/roles/vault_agent/templates/nomad/agent_bundle.pem.tpl.j2 b/roles/vault_agent/templates/nomad/agent_bundle.pem.tpl.j2
index a934284..5c8044f 100644
--- a/roles/vault_agent/templates/nomad/agent_bundle.pem.tpl.j2
+++ b/roles/vault_agent/templates/nomad/agent_bundle.pem.tpl.j2
@@ -2,8 +2,9 @@
 [[ .CA ]]
 [[ .Cert ]]
 [[ .Key ]]
-[[ .Cert | writeToFile "{{ nomad_conf.tls.cert_file }}" "{{ nomad_user }}" "{{ nomad_user }}" "0644" ]]
-[[ .Key | writeToFile "{{ nomad_conf.tls.key_file }}" "{{ nomad_user }}" "{{ nomad_user }}" "0640" ]]
+[[ .Cert | writeToFile "{{ nomad_conf.tls.cert_file }}" "root" "{{ nomad_user }}" "0644" ]]
+[[ .CA | writeToFile "{{ nomad_conf.tls.cert_file }}" "" "" "0644" "append,newline" ]]
+[[ .Key | writeToFile "{{ nomad_conf.tls.key_file }}" "root" "{{ nomad_user }}" "0640" ]]
 [[ end ]]
 [[ with secret "{{ vault_agent_nomad.nomad_pki.path }}/cert/ca_chain" ]]
 [[ .Data.certificate | writeToFile "{{ nomad_conf.tls.ca_file }}" "{{ nomad_user }}" "{{ nomad_user }}" "0644" ]]
diff --git a/roles/vault_agent/templates/nomad/update_nomad_cert.sh.j2 b/roles/vault_agent/templates/nomad/update_nomad_cert.sh.j2
index 07a3f0d..8882018 100644
--- a/roles/vault_agent/templates/nomad/update_nomad_cert.sh.j2
+++ b/roles/vault_agent/templates/nomad/update_nomad_cert.sh.j2
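Review bot: The added `.CA` append passes empty owner and group for cert_file while the `.Cert` write immediately above pins `"root" "{{ consul_user }}"`; if writeToFile re-applies ownership on every call (consul-template's implementation does, falling back to the agent's own uid/gid for empty strings), the file's final ownership is decided by this second call, not by the first, and the deliberate root:consul split is silently lost. Pass the same owner and group on the append: `[[ .CA | writeToFile "{{ consul_conf.tls.defaults.cert_file }}" "root" "{{ consul_user }}" "0644" "append,newline" ]]`. Separately, the `.Cert` write carries no `newline` flag, so unless the issued certificate already ends with a line break the CA block is glued onto the leaf's `-----END CERTIFICATE-----` line; Go's PEM decoder, which Consul relies on, requires that line to end in whitespace only and would reject the bundle. Adding `"newline"` as the flags argument of the `.Cert` call avoids depending on how Vault formats the certificate string.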
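Review bot: The new `.CA` append into nomad_conf.tls.cert_file is the last writeToFile to touch that path and it passes `"" ""` for owner and group, so the `root`/`{{ nomad_user }}` ownership the rewritten `.Cert` line sets is only as durable as the engine's handling of empty names on the following call; make it explicit with `"root" "{{ nomad_user }}"` on the append so cert_file and key_file end up with the same owner regardless of engine behaviour. Note also that the unchanged `ca_file` write further down keeps `"{{ nomad_user }}" "{{ nomad_user }}"`, so after this commit the three TLS files in one directory are owned inconsistently; moving it to root:nomad too is worth considering, as it is the file a compromised Nomad process would most like to be able to rewrite. Finally, the bundle is built as `.Cert` followed by an appended `.CA` with a trailing newline, but nothing guarantees a line break between them — if the leaf PEM has no trailing newline the two blocks run together and Nomad's Go PEM parsing will fail on the concatenated `-----END CERTIFICATE----------BEGIN CERTIFICATE-----` line; giving the `.Cert` call a `"newline"` flag makes the separator unconditional.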
@@ -13,7 +13,7 @@ elif [ "$(echo ${VAULT_STATUS} | jq .initialized)" != "true" ]; then
 echo "Vault is not initialized yet, exiting"
 else
 echo Updating Vault certificate to access Nomad API
- vault write {{ vault_agent_nomad.nomad_pki.cli.secret_path }}/config/access \
+ vault write {{ vault_agent_nomad.nomad_pki.cli.secret_path | default('nomad') }}/config/access \
 ca_cert="$(cat {{ nomad_root_dir }}/tls/ca.crt)" \
 client_cert="$(cat {{ nomad_root_dir }}/tls/cli.crt)" \
 client_key="$(cat {{ nomad_root_dir }}/tls/cli.key)"
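Review bot: The rewritten `vault write` line still hands the Nomad CLI private key to Vault as a command-line argument via `client_key="$(cat {{ nomad_root_dir }}/tls/cli.key)"`, which exposes the key material to every local user through `ps` and `/proc/<pid>/cmdline` for the lifetime of the call, and to any `set -x` or audit-of-argv tooling. The Vault CLI reads a value from a file when it is prefixed with `@`, so the three arguments can become `ca_cert=@{{ nomad_root_dir }}/tls/ca.crt`, `client_cert=@{{ nomad_root_dir }}/tls/cli.crt` and `client_key=@{{ nomad_root_dir }}/tls/cli.key` with no change in what is written to `config/access`. The `| default('nomad')` fallback is reasonable given Vault's default Nomad secrets mount, but a one-line comment above the command stating that assumption would save the next reader a lookup. The enclosing if/elif/else block begins before this hunk and its closing `fi` lies after it.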